Use this quick start guide to collect all the information about the EXIN PDPF Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the EXIN Privacy and Data Protection Foundation (PDPF) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual EXIN Privacy and Data Protection Foundation certification exam.
The EXIN PDPF certification is mainly targeted at candidates who want to build their career in the Data Protection and Security domain. The EXIN Privacy and Data Protection Foundation exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of EXIN Privacy and Data Protection.
EXIN PDPF Exam Summary:

| Item | Value |
|---|---|
| Exam Name | EXIN Privacy and Data Protection Foundation |
| Exam Code | PDPF |
| Exam Price | $268 (USD) |
| Duration | 60 mins |
| Number of Questions | 40 |
| Passing Score | 65% |
| Schedule Exam | EXIN |
| Sample Questions | EXIN PDPF Sample Questions |
| Practice Exam | EXIN PDPF Certification Practice Exam |
EXIN Privacy and Data Protection Exam Syllabus Topics:

| Topic | Details | Weights |
|---|---|---|
| GDPR scope | | 12.5% |
| Privacy and data protection | The candidate can: define privacy; relate privacy to personal data and data protection; describe the context of European Union (EU) and EU Member State law. | 5% |
| Scope of the GDPR | The candidate can: define personal data according to the GDPR; define processing of personal data that falls within the scope of the GDPR; make a distinction between personal data and special categories of data. | 7.5% |
| Principles of data processing | | 37.5% |
| Stakeholder roles, rights, and obligations | The candidate can: list the roles, responsibilities and stakeholders in the GDPR; describe the process and activities required to comply with the GDPR; list the different types of administration (GDPR Article 28 & Article 30). | 7.5% |
| Data protection by design and by default | The candidate can: describe the seven principles of data protection by design; describe the benefits of data protection by design and by default. | 5% |
| Legitimate grounds for processing | The candidate can: list the six legitimate grounds for processing; describe the requirements for lawful data processing. | 5% |
| Rights of the data subjects | The candidate can: describe the right to transparent information, communication, and modalities; describe the right of access; describe the right to data portability; describe the right to rectification; describe the right to erasure; describe the right to restriction of processing; describe the right to object and the right to lodge a complaint with the supervisory authority; describe rights regarding automated decision-making. | 12.5% |
| Principles of processing personal data | The candidate can: describe lawfulness, fairness, and transparency; describe purpose specification and purpose limitation; describe data minimization and storage limitation; describe accuracy, integrity, and confidentiality of personal data; describe proportionality and subsidiarity. | 7.5% |
| Practice of data processing | | 10% |
| Data governance | The candidate can: describe the purpose of data lifecycle management (DLM). | 2.5% |
| Processing online | The candidate can: describe the definition, functionality, and purpose of a cookie; describe the right to object to the processing of personal data for the purpose of direct marketing, including profiling. | 2.5% |
| Using artificial intelligence (AI) | The candidate can: identify challenges to GDPR compliance when using AI; describe conditions for compliance with the GDPR when using AI. | 5% |
| International personal data transfers | | 15% |
| Cross-border transfers within the European Economic Area (EEA) | The candidate can: describe the regulations that apply to data transfers inside the EEA; describe the concept of binding corporate rules (BCR); describe how data protection is formalized in BCR between the controller and the processor; describe the clauses of BCR. | 10% |
| Cross-border transfers outside the European Economic Area (EEA) | The candidate can: describe the regulations that apply to data transfers outside the EEA; describe the regulations that apply to data transfers between the EEA and the United States of America (U.S.). | 5% |
| Risk assessment and mitigation | | 25% |
| Data protection impact assessment (DPIA) and prior consultation | The candidate can: outline what a DPIA covers and when to do a DPIA; list the eight objectives of a DPIA; list the topics of a DPIA report. | 7.5% |
| Personal data breaches and related procedures | The candidate can: define a personal data breach; describe the difference between a data breach (incident) and a personal data breach; give examples of personal data breaches; list relevant stakeholders that should be informed in case of a personal data breach; describe the personal data breach notification obligation as laid down in the GDPR. | 12.5% |
| Supervisory authorities | The candidate can: describe the general responsibilities of a supervisory authority; describe enforcement of the rules by issuing penalties including administrative fines. | 5% |
To ensure success in the EXIN Privacy and Data Protection certification exam, we recommend an authorized training course, practice tests, and hands-on experience to prepare for the EXIN Privacy and Data Protection Foundation (PDPF) exam.